diff -r b341698bf3b1 -r a40056afef83 app/soc/views/helper/access.py
--- a/app/soc/views/helper/access.py	Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/helper/access.py	Fri Jan 23 23:42:07 2009 +0000
@@ -245,8 +245,8 @@
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 def checkCanCreateFromRequest(role_name):
-  """Raises an alternate HTTP response if the specified invite does not exist
-     or if it has not been group_accepted. 
+  """Raises an alternate HTTP response if the specified request does not exist
+     or if it's state is not group_accepted. 
   """
   def wrapper(request, args, kwargs):
     checkAgreesToSiteToS(request, args, kwargs)
@@ -262,15 +262,16 @@
 
     request_entity = request_logic.getFromFieldsOr404(**fields)
 
-    if not request_entity.group_accepted:
+    if request_entity.state != 'group_accepted':
       # TODO tell the user that this request has not been accepted yet
       deny(request, args, kwargs)
 
     return
   return wrapper
 
-def checkIsMyUncompletedRequest(request, args, kwargs):
-  """Raises an alternate HTTP response if the specified Request has been completed.
+def checkIsMyGroupAcceptedRequest(request, args, kwargs):
+  """Raises an alternate HTTP response if the specified request does not exist
+     or if it's state is not group_accepted
   """
   checkAgreesToSiteToS(request, args, kwargs)
 
@@ -282,8 +283,7 @@
 
   fields = {'link_id' : kwargs['link_id'],
             'scope_path' : kwargs['scope_path'],
-            'role' : kwargs['role'],
-            'completed' : False}
+            'role' : kwargs['role']}
 
   request_entity = request_logic.getForFields(fields, unique=True)
 
@@ -291,6 +291,9 @@
     # TODO return 404
     return deny(request, args, kwargs)
 
+  if request_entity.state != 'group_accepted':
+    return deny(request, args, kwargs)
+
   return
 
 def checkIsHost(request, args, kwargs):
@@ -306,6 +309,14 @@
     * if no User exists for the logged-in Google Account, or
     * if the user is not even logged in
   """
+
+  try:
+    # if the current user is invited to create a host profile we allow access
+    checkIsDeveloper(request, args, kwargs)
+    return
+  except out_of_band.Error:
+    pass
+
   checkAgreesToSiteToS(request, args, kwargs)
 
   user = user_logic.getForFields({'account': users.get_current_user()},